[....] Starting enhanced syslogd: rsyslogd[ 11.858677] audit: type=1400 audit(1513763045.814:5): avc: denied { syslog } for pid=2993 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.515141] audit: type=1400 audit(1513763051.470:6): avc: denied { map } for pid=3133 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-1,10.128.15.212' (ECDSA) to the list of known hosts. 2017/12/20 09:44:18 fuzzer started [ 24.740575] audit: type=1400 audit(1513763058.696:7): avc: denied { map } for pid=3145 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2017/12/20 09:44:18 dialing manager at 10.128.0.26:43723 2017/12/20 09:44:21 kcov=true, comps=true [ 27.864777] audit: type=1400 audit(1513763061.820:8): avc: denied { map } for pid=3145 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=87 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2017/12/20 09:44:22 executing program 0: mmap(&(0x7f0000000000/0xfe8000)=nil, 0xfe8000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000002, 0x0) sendmsg(r0, &(0x7f0000f66000-0x38)={&(0x7f0000fe6000)=@generic={0xa, "daf8ffe6ffffff0001f20000000000b61b340e63f8ab691822e903e7d64ac8fef9507f000daec57f844686fbbf26093d6b53efc1cb2b880001186a68506776e9eba5ebd039273202a52700faccec35120ec64fc333c1c99287b26eaece2900727e347f814dc256ce82cb2c8080000000bff900000000000000076167b456"}, 0x80, &(0x7f0000f6c000)=[], 0x0, &(0x7f0000fe1000-0x12e8)=[], 0x0, 0x0}, 0x0) 2017/12/20 09:44:22 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000710000-0x1d)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d6e000)=0x0, 0x4) sendto$inet6(r0, &(0x7f000076b000-0x1)="c9", 0x1, 0x0, &(0x7f0000ae0000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) sendto$inet6(r0, &(0x7f000065d000)="bd", 0x1, 0x0, &(0x7f0000fec000-0x1c)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2017/12/20 09:44:22 executing program 3: 2017/12/20 09:44:22 executing program 4: 2017/12/20 09:44:22 executing program 5: 2017/12/20 09:44:22 executing program 1: 2017/12/20 09:44:22 executing program 6: 2017/12/20 09:44:23 executing program 2: [ 28.989377] audit: type=1400 audit(1513763062.945:9): avc: denied { map } for pid=3145 comm="syz-fuzzer" path="/root/syzkaller-shm470261277" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 30.149809] audit: type=1400 audit(1513763064.105:10): avc: denied { sys_admin } for pid=3188 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 30.322703] audit: type=1400 audit(1513763064.278:11): avc: denied { sys_chroot } for pid=3363 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2017/12/20 09:44:24 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000bf6000)=0x177, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f00003f4000)=0xfffffffffffffff9, 0x4) setsockopt$inet6_int(r0, 0x29, 0x1000000005, &(0x7f0000c22000-0x4)=0x4, 0x4) sendto$inet6(r0, &(0x7f00009f1000-0x3d)="", 0x0, 0x0, &(0x7f0000f5b000-0x1c)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) recvmmsg(r0, &(0x7f0000f61000)=[{{&(0x7f0000f63000-0x10)=@ipx={0x0, 0x0, 0x0, ""/6, 0x0, 0x0}, 0x10, &(0x7f0000f5d000)=[], 0x0, &(0x7f0000f62000)=""/0, 0x0, 0x0}, 0x0}], 0x1, 0x2041, 0x0) 2017/12/20 09:44:24 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000005000)='/dev/binder#\x00', 0x0, 0x0) close(r0) r1 = syz_open_dev$binder(&(0x7f0000009000-0xd)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00004ee000-0x30)={0x4, 0x0, &(0x7f000022c000-0x4)=[@register_looper={0x630b}], 0x48, 0x0, &(0x7f00004ed000)="d8fc1dd16de371f1d99e3b4d488546c2bbb067efde9e55e9d1048602c19fe0b0078ade697201170fdbcc34816df860d3f87023a9d8567fa3297aac9d65b25106fc55ed85da8cb6f3"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000006000-0x2c)=[@acquire_done={0x40486311, 0x0, 0x0}], 0x0, 0x0, &(0x7f0000002000)=""}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000004000)={0x4c, 0x0, &(0x7f000000c000-0x80)=[@reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x8, &(0x7f000000a000)=[@fda={0x77622a85, 0xfffffffffffffffe, 0x0, 0x0}], &(0x7f000000b000)=[0x0]}, 0x0}}], 0x0, 0x0, &(0x7f000000b000)=""}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000e000-0x30)={0x8, 0x0, &(0x7f0000d82000-0x10)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, &(0x7f000000e000-0xca)=""}) 2017/12/20 09:44:24 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001ff000-0x1c)={0xa, 0x2, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000f6f000)="8d", 0x1, 0x20000004, &(0x7f0000cc8000-0x1c)={0xa, 0x2, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000040fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4(r1, &(0x7f0000651000)=@alg={0x0, ""/14, 0x0, 0x0, ""/64}, &(0x7f0000716000-0x4)=0x58, 0x0) 2017/12/20 09:44:24 executing program 3: 2017/12/20 09:44:24 executing program 4: 2017/12/20 09:44:24 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000687000-0x9)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f00007f8000-0x68)={0x79, 0x0, [0x0, 0x0, 0x0, 0x0], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f000079c000)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8241}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000ac4000)={"8a927799b09a029f01061eda96dd379385fc78b28fcbf8eb8455a6fb67a8de46d4d436f5a01a46191dc792f414ac8437036bb34b6632c980073c4cdc084a1966c440f15811b116f5b50e90810603f10a2c83eb8c06219424d0b67e4bb4b3c5199cadd60d3f6fc72a7eb011b622072532229fbc9d9c4d1e0451d8092b0d584c8fd736ee3e7d73d5267b67a69251b1a864fb90692d30ec7e806326f17f0a7a24aa58b111193c880000000158cb00807d63dfb58775215937ae2b62b46c6d6916f2fc52eeab0000060000000003252929e628ad2c34a0ef717fb2504d9bd66eabce8f2fafc812148e072f3087a5566c38fda729442c3ebd62e970a9a3eb242747993601a1a186b8376d39c69c6de503b2638feeae79436a9708b3bb19f38377382ea7b4c9c2d674b80ef220109f8fa8200de4794547b4da6430ac512116d358949a298812c5d540179e0000000000000000d4053474ba93a8ad32b16371b42350bf984abb465228cfd848e54abc383d21d00200000000000000bf10bd30a1371757b138ed4a19db7c777995fd42ad446d9d2755f8552563c7639ce00da8ee01009ded52625a000000000020dbd0695beeae158271064ea7000000000000000394f37ec9d0c3bc4923cc7b631c6df64f28d75d99443d6653db3c6b7961190e8f82a233925540b32ce4f47168ef93f01aef51c697c457944206c1b2af2eb21ed8437a371c0b427cd8c94f3952ee752b858eb5bf410a0c4f4793cd6638a2a23d68cb6e86925599fbc1361b8ce27bf6d79027894b6c0003cc97a64085edf383a51eef947915369bdd4fc3cded2663d1751583008fbba284c5b6ffc5251019eaee59d117d34c73e50fbd33ceb4508c00000000800000004a884a13542dee77b265178301a5d9260036ccc70d695105d1ddb56f1ac26584547d8d5cecb3c672068cc7ab31ddc5b47c253b587d712c6113acdf49fa0100de0f7b3717528e35b7e70733538a5cec8f69000000198d02baab7690fab7933b676deddb27755d6a8f29c643dfff0e4bd7c2b13b7a57a3120c9dcbb70200339dc0862dafad481a63e7f90d14c54803d8b100eead5cae9a0a7b2f329c3b00000000007c0002f4b2eebf5bcd42688b08a10a6575a31f81f01c13c7cb674ff41cb3c7f6896d41e86bda845164825e28b9fb719e695a9ed5710f924aefde1c96bebe4274594038347691a088f9bcaeba90315d3b3cfc24388cc15dffeda1bd610582c5b74fa6c6e789ce440f71871a028b85000000005806743e8e075b8624686ceb21db0100fd74dd0067d82a72c099a2d52a599494388cb56cdb5ef9190980f9128e689ecee98b2ed59e1537fc9fe144dc2030374b0f5fcfd8f2ef242803f7bcbc07145f65b8912a4a055b858de8acf080852c4dd353a00a5aac3d6a33e0075506a1fd25799f1637b1bafaf09954ef"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2017/12/20 09:44:24 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000bf6000)=0x177, 0x4) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000831000-0x4)=0x25a7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x1000000005, &(0x7f0000c22000-0x4)=0x4, 0x4) sendto$inet6(r0, &(0x7f00009f1000-0x3d)="", 0x0, 0x0, &(0x7f0000f5b000-0x1c)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) recvmmsg(r0, &(0x7f0000f61000)=[{{&(0x7f0000f63000-0x10)=@ipx={0x0, 0x0, 0x0, ""/6, 0x0, 0x0}, 0x10, &(0x7f0000f5d000)=[], 0x0, &(0x7f0000f62000)=""/0, 0x0, 0x0}, 0x0}], 0x1, 0x2041, 0x0) 2017/12/20 09:44:24 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x45, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x46, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f00002d2000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000b92000-0x4)=0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000533000)={@common="697064647030000000ffde00", @ifru_addrs=@hci={0x1f, 0x0, 0x0}}) 2017/12/20 09:44:24 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000058000)='keyring\x00', &(0x7f00008af000)={0x73, 0x79, 0x7a, 0x0, 0x0}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$describe(0x6, r0, &(0x7f0000bea000-0xab)=""/171, 0xab) r1 = socket$inet6(0xa, 0x2, 0x0) add_key$user(&(0x7f0000cc3000-0x5)='user\x00', &(0x7f00006b6000)={0x73, 0x79, 0x7a, 0x1, 0x0}, &(0x7f000082b000-0x1f)="22e319317f3c35c14cf4472d919cc97f09fea0d8f5da58f0d6eb62a6d7fb26", 0x1f, r0) connect$inet6(r1, &(0x7f0000bb6000)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x6}, 0x1c) connect$inet6(r1, &(0x7f0000002000-0x1c)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, 0x0}, 0x1c) 2017/12/20 09:44:24 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000083c000-0x30)={0x1, 0x3, &(0x7f0000012000)=[@generic={0x15b4, 0x0, 0x0, 0x240}, @generic={0x555, 0x0, 0x0, 0x0}, @generic={0xd39d, 0x0, 0x0, 0x0}], &(0x7f00003f7000)='system\x00', 0xfffffffffffffff8, 0x80, &(0x7f0000af4000-0x80)=""/128, 0x0, 0x0}, 0x30) r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f00003d9000)='/selinux/access\x00', 0x2, 0x0) r2 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000ffb000)='/selinux/context\x00', 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000ae2000-0x8)={r2, r0}) [ 30.466904] audit: type=1400 audit(1513763064.422:12): avc: denied { map } for pid=3407 comm="syz-executor0" path="/dev/binder0" dev="devtmpfs" ino=8871 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 2017/12/20 09:44:24 executing program 5: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8000, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000001000-0x5c)={0x0, 0x0, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0xfffffffffffffffd}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) lstat(&(0x7f0000401000)='./file0\x00', &(0x7f0000f9d000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$chown(0x4, 0x0, r1, r2) 2017/12/20 09:44:24 executing program 2: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvfrom$inet6(r0, &(0x7f0000e69000-0xd7)=""/215, 0xd7, 0x1, &(0x7f0000c35000-0x1c)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f000047e000)='/selinux/load\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendto$ipx(r1, &(0x7f0000002000-0x3f)="18befab10bcfe3a92f86848ff571afcdb5f104d61e12fd9f6aa974c5441b7aea5e701b6d206577e52bbc0d8dd2b48015ce1da0b59beb50417f4e145610bd46", 0x3f, 0x840, &(0x7f0000003000-0x10)={0x4, 0x3, 0x1, "7482776d913b", 0xfff, 0x0}, 0x10) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x8, 0xffff, 0x10000}, &(0x7f0000002000-0x4)=0x10) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r3 = semget$private(0x0, 0x5, 0xa) semctl$IPC_RMID(r3, 0x0, 0x0) sendmmsg$inet_sctp(r1, &(0x7f0000001000)=[{&(0x7f0000000000)=@in={0x2, 0x1, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10, &(0x7f0000002000-0x40)=[{&(0x7f0000001000)="c4f525538a0d780a1084d825e5fa12b85922f06c128fab2d25052ff4d2a5ea36c22fa8de78b943aa9a63953973b3bed9fb5bed46d7ee1646d2e62caae6e272b1458706f6a66ebd42c881e561", 0x4c}, {&(0x7f0000001000)="", 0x0}, {&(0x7f0000001000-0xc9)="4f46e8f20bf8d18aa5576c6e7914ba77e3353df5435a9b2704a3ec3ae9f393089408234372619b3c82481363058d8c825c964042dde6c773e8dcf2b10a01bbafde123d5a74c8986b65a22b23227fd277cf92166f9b1ac4ec452af0b5d3e6dd42f636fde4e5ef785d67e62958c08d49ae60d45aa36fd3b6554f87fc4cf01e9f1b87e16f11db5b4f33cdeacedb890b63031880dbc930de5f346b6a2c9e04cdf222986f3c341e808cc3fa31f190a2927cefbdf6e28f2ae7469c806943766192375a3f7b4c288374fb8fae", 0xc9}, {&(0x7f0000002000-0xca)="4daf3e9aa1c73c3f631bea6ee8f0a4c1796afae4edfe0a378c5d35ec88e21a74b6e9e8fcc68444d527cb295788e0ef61f430c1651e6afb1aa739c57a92b732ca268048673e9217e1f40ddad6d9ad7132b65ad38b1564a0f62bd4c0943d28516a39fd3957d2d557383ca06f205bbb53f95c55aaf0fbbb39589b566667b51fb62ab5300e7f57d6bf1a058cae997e723100c5513d46de8c94e1e389d0bf1fd60f38525154afe1757079dbb9a7c6f08517aa07b9c7a64b75e37a541961c54a9e1ed2932e1acd2c55d696120d", 0xca}], 0x4, 0x0, 0x0, 0x400c044}, {&(0x7f0000002000-0x10)=@in={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10, &(0x7f0000001000-0x30)=[{&(0x7f0000001000)="9337f438f098225ef599592404b68a120080b8c1c7d0bdad528b24f67159a2ac8edc0b2002e9cf0e283a03b673f1a8be2f49c861db6ed5a241280cce6a622b72646691063cbd220ffe33471515a1a2ca9690bf751c7d0543eb02a8cb76a2432100a24c7ed3b5a89eddb52c758c43c20cb39af71199095650aa709e7e2679f9d96ade929a8f9816974128138029b802021e1e122166e3c1", 0x97}, {&(0x7f0000000000)="", 0x0}, {&(0x7f0000002000-0x9b)="df58ac31207cfa8079fb19008a50a84ac05cf81d13932da8e4fb8f328a3928bbe686750aa9136917cd5a7497214311acfb23cd0bcb7e1199079dfa0984323c5663300b13d04b59ceb1a56c7542f4ee42fbb4380be41c31daf600a86a625b3c8d607bd9a0ea2ee38e66928c0022a3bf73fe7a604cf97de1d0bec9f3fd94d76ce062877d05b2e670d83534fb36d1cda9d57a78abe6a90e4dd226a816", 0x9b}], 0x3, &(0x7f0000002000-0x90)=[@sndinfo={0x20, 0x84, 0x2, {0x40, 0x201, 0x40, 0xc973, r2}}, @init={0x18, 0x84, 0x0, {0x3, 0x3, 0x69, 0x7}}, @init={0x18, 0x84, 0x0, {0x8, 0x22, 0x7fffffff, 0x4}}], 0x90, 0x4000}, {&(0x7f0000002000-0x1c)=@in6={0xa, 0x3, 0xffff, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x9}, 0x1c, &(0x7f0000002000-0x20)=[{&(0x7f0000000000)="c6e403b787a5962a2f538fa71bb233fb7da21406b2476d797b4d4c6b4428c61e786eeeb18ef6c4be8ad8adc997c03286750efebf24c44b020ff3cea94eb77d161df72b334687f7f73d1f17313bf976fa6635e0ba416e76921c9a2da64051d11028e88a85703f727752c0f9c34dc7a3d0b904075002278ca863bbe2623b48450b34bb64226f", 0x85}, {&(0x7f0000001000)="c614b0bd6cb319bc8756ee19870282822561ce47bbcb2d2faa26191a8ecb0fe8bf03c19c06955c07eca75dc02af1972cafdaf4ff73916ca73152d2c4bfe688b16ff000e44ed8df0cf9c773bfeea8a316ebc8a607d99fb90b00c9403a7ba73724ba8dbe931807982fb7222ca7d49ad598e92123a6f591f124d72c38ef9a55aee5364faccbdb21d57154a136ae1e90039a322242ab4b4992becb2886dbff6f7c9a6c5e", 0xa2}], 0x2, 0x0, 0x0, 0x4}], 0x3, 0x40000) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffff9c, 0x84, 0x14, &(0x7f000043a000-0x8)=@assoc_value={0x0, 0x0}, &(0x7f0000001000-0x4)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000849000-0x6)={r4, 0x63b}, 0x6) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000001000)=0x0, &(0x7f0000001000)=0x4) [ 30.477438] binder: 3407:3411 ERROR: BC_REGISTER_LOOPER called without request [ 30.477457] binder: 3411 RLIMIT_NICE not set [ 30.509162] binder: 3411 RLIMIT_NICE not set [ 30.511315] binder: 3411 RLIMIT_NICE not set [ 30.525349] binder: unexpected work type, 4, not freed [ 30.525359] binder: undelivered TRANSACTION_COMPLETE [ 30.525383] binder: undelivered TRANSACTION_COMPLETE [ 30.525395] binder: undelivered transaction 3, process died. [ 30.533989] binder: 3407:3411 ERROR: BC_REGISTER_LOOPER called without request [ 30.534051] binder: 3411 RLIMIT_NICE not set [ 30.538365] [ 30.538368] ============================================ [ 30.538370] WARNING: possible recursive locking detected [ 30.538376] 4.15.0-rc2-mm1+ #39 Not tainted [ 30.538378] -------------------------------------------- [ 30.538382] syz-executor1/3417 is trying to acquire lock: [ 30.538384] (rtnl_mutex){+.+.}, at: [<000000004c3c8b9d>] rtnl_lock+0x17/0x20 [ 30.538405] [ 30.538405] but task is already holding lock: [ 30.538406] (rtnl_mutex){+.+.}, at: [<000000004c3c8b9d>] rtnl_lock+0x17/0x20 [ 30.538422] [ 30.538422] other info that might help us debug this: [ 30.538423] Possible unsafe locking scenario: [ 30.538423] [ 30.538425] CPU0 [ 30.538426] ---- [ 30.538428] lock(rtnl_mutex); [ 30.538432] lock(rtnl_mutex); [ 30.538437] [ 30.538437] *** DEADLOCK *** [ 30.538437] [ 30.538438] May be due to missing lock nesting notation [ 30.538438] [ 30.538442] 1 lock held by syz-executor1/3417: [ 30.538443] #0: (rtnl_mutex){+.+.}, at: [<000000004c3c8b9d>] rtnl_lock+0x17/0x20 [ 30.538454] [ 30.538454] stack backtrace: [ 30.538460] CPU: 1 PID: 3417 Comm: syz-executor1 Not tainted 4.15.0-rc2-mm1+ #39 [ 30.538464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.538467] Call Trace: [ 30.538477] dump_stack+0x194/0x257 [ 30.538486] ? arch_local_irq_restore+0x53/0x53 [ 30.538498] __lock_acquire+0x11cf/0x47f0 [ 30.538505] ? __unwind_start+0x169/0x330 [ 30.538521] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 30.538528] ? save_stack_trace+0x1a/0x20 [ 30.538534] ? __lock_acquire+0x324e/0x47f0 [ 30.538542] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 30.538548] ? trace_event_raw_event_lock+0x340/0x340 [ 30.538556] ? __kernel_text_address+0xd/0x40 [ 30.538563] ? do_vfs_ioctl+0x1b1/0x1530 [ 30.538574] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 30.538583] ? trace_event_raw_event_lock+0x340/0x340 [ 30.538587] ? save_trace+0xe0/0x2b0 [ 30.538597] ? check_noncircular+0x20/0x20 [ 30.538606] ? trace_event_raw_event_lock+0x340/0x340 [ 30.538615] ? check_noncircular+0x20/0x20 [ 30.538622] ? __free_insn_slot+0x5c0/0x5c0 [ 30.538634] lock_acquire+0x1d5/0x580 [ 30.538640] ? rtnl_lock+0x17/0x20 [ 30.538650] ? lock_release+0xda0/0xda0 [ 30.538657] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.538666] ? rcu_note_context_switch+0x710/0x710 [ 30.538673] ? __might_sleep+0x95/0x190 [ 30.538678] ? rtnl_lock+0x17/0x20 [ 30.538687] __mutex_lock+0x16f/0x1a80 [ 30.538692] ? rtnl_lock+0x17/0x20 [ 30.538700] ? lock_release+0xda0/0xda0 [ 30.538704] ? rtnl_lock+0x17/0x20 [ 30.538713] ? mutex_lock_io_nested+0x1900/0x1900 [ 30.538720] ? unwind_get_return_address+0x61/0xa0 [ 30.538728] ? trace_hardirqs_off+0xd/0x10 [ 30.538735] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 30.538745] ? depot_save_stack+0x2ca/0x460 [ 30.538756] ? selinux_tun_dev_free_security+0x15/0x20 [ 30.538763] ? save_stack+0xa3/0xd0 [ 30.538768] ? save_stack+0x43/0xd0 [ 30.538773] ? kasan_slab_free+0x71/0xc0 [ 30.538780] ? kfree+0xca/0x250 [ 30.538787] ? selinux_tun_dev_free_security+0x15/0x20 [ 30.538793] ? security_tun_dev_free_security+0x48/0x80 [ 30.538801] ? tun_free_netdev+0x153/0x1f0 [ 30.538809] ? register_netdevice+0x97b/0x1010 [ 30.538816] ? __tun_chr_ioctl+0x1ca3/0x3f10 [ 30.538822] ? tun_chr_ioctl+0x2a/0x40 [ 30.538828] ? do_vfs_ioctl+0x1b1/0x1530 [ 30.538834] ? SyS_ioctl+0x8f/0xc0 [ 30.538842] ? entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.538853] ? find_held_lock+0x39/0x1d0 [ 30.538861] ? check_noncircular+0x20/0x20 [ 30.538868] ? print_usage_bug+0x3f0/0x3f0 [ 30.538876] ? lock_downgrade+0x980/0x980 [ 30.538883] ? tun_flow_flush+0x41/0xe0 [ 30.538891] ? mark_held_locks+0xb2/0x100 [ 30.538902] ? mark_held_locks+0xb2/0x100 [ 30.538909] ? kfree+0xe4/0x250 [ 30.538916] ? selinux_tun_dev_free_security+0x15/0x20 [ 30.538924] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.538931] ? trace_hardirqs_on+0xd/0x10 [ 30.538940] mutex_lock_nested+0x16/0x20 [ 30.538946] ? security_tun_dev_free_security+0x67/0x80 [ 30.538952] ? mutex_lock_nested+0x16/0x20 [ 30.538958] rtnl_lock+0x17/0x20 [ 30.538965] tun_free_netdev+0x158/0x1f0 [ 30.538973] ? tun_xdp+0x410/0x410 [ 30.538980] ? __lockdep_init_map+0xe4/0x650 [ 30.538989] ? tun_detach_all+0xb50/0xb50 [ 30.538996] ? tun_xdp+0x410/0x410 [ 30.539004] register_netdevice+0x97b/0x1010 [ 30.539013] ? netdev_change_features+0x100/0x100 [ 30.539022] ? round_jiffies_up+0xce/0x100 [ 30.539030] ? __round_jiffies_up_relative+0x150/0x150 [ 30.539038] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 30.539046] ? selinux_tun_dev_alloc_security+0x124/0x170 [ 30.539056] __tun_chr_ioctl+0x1ca3/0x3f10 [ 30.539068] ? tun_chr_read_iter+0x1e0/0x1e0 [ 30.539076] ? lock_downgrade+0x980/0x980 [ 30.539084] ? avc_ss_reset+0x110/0x110 [ 30.539092] ? lock_release+0xda0/0xda0 [ 30.539100] ? __lock_is_held+0xbc/0x140 [ 30.539116] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 30.539124] ? get_unused_fd_flags+0x190/0x190 [ 30.539133] ? tun_chr_compat_ioctl+0x30/0x30 [ 30.539140] tun_chr_ioctl+0x2a/0x40 [ 30.539146] ? tun_chr_ioctl+0x2a/0x40 [ 30.539155] do_vfs_ioctl+0x1b1/0x1530 [ 30.539173] ? _cond_resched+0x14/0x30 [ 30.539184] ? ioctl_preallocate+0x2b0/0x2b0 [ 30.539192] ? selinux_capable+0x40/0x40 [ 30.539204] ? SyS_futex+0x269/0x390 [ 30.539216] ? security_file_ioctl+0x89/0xb0 [ 30.539226] SyS_ioctl+0x8f/0xc0 [ 30.539237] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.539243] RIP: 0033:0x452a09 [ 30.539246] RSP: 002b:00007f6ba83a0c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 30.539253] RAX: ffffffffffffffda RBX: 00007f6ba83a1700 RCX: 0000000000452a09 [ 30.539256] RDX: 0000000020533000 RSI: 00000000400454ca RDI: 0000000000000013 [ 30.539260] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 30.539263] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 30.539266] R13: 0000000000a2f7ff R14: 00007f6ba83a19c0 R15: 0000000000000000 [ 30.545247] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu [ 30.559132] binder: 3411 RLIMIT_NICE not set [ 30.560122] binder: 3407:3435 got reply transaction with no transaction stack [ 30.560131] binder: 3407:3435 transaction failed 29201/-71, size 32-8 line 2747 [ 30.565860] binder: release 3407:3422 transaction 7 out, still active [ 30.565872] binder: undelivered TRANSACTION_COMPLETE [ 30.565882] binder: undelivered TRANSACTION_ERROR: 29201 [ 30.566112] binder: release 3407:3411 transaction 7 in, still active [ 30.566117] binder: send failed reply for transaction 7, target dead [ 31.254172] audit: type=1400 audit(1513763064.427:13): avc: denied { set_context_mgr } for pid=3407 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 31.277324] audit: type=1400 audit(1513763064.459:14): avc: denied { call } for pid=3407 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 31.299549] audit: type=1400 audit(1513763064.467:15): avc: denied { transfer } for pid=3407 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 31.322703] audit: type=1400 audit(1513763064.481:16): avc: denied { prog_load } for pid=3424 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 31.345238] audit: type=1400 audit(1513763064.487:17): avc: denied { net_admin } for pid=3415 comm="syz-executor1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 31.369522] audit: type=1400 audit(1513763064.513:18): avc: denied { net_raw } for pid=3432 comm="syz-executor2" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1